1Mar
Is it html escape enough for mitigating all xss, if html is going to be generated only in client side?
If all html in a site is generated in client side (attributes, urls, styles everything will be concatenated in javascript and set as innerHTML), is it doing only html escape enough for mitigating all xss attacks mentioned here?https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
